CCCure, in partnership with Espion, will be delivering CISSP® Boot Camps in Europe (London and Dublin) in the first quarter of 2015.

NOW is the best time to become certified, before changes to the CBK® are introduced later this year.

Our training classes have maintained a passing rate of about 90%. We have mastered the CISSP® CBK® and we can help you become certified now. The class will be delivered by Clement Dupuis, CD, who is a master of the CISSP® CBK®. Nobody knows the CBK® better than Clement; he has delivered this class more than 200 times over the past 15 years. Clement is the owner of CCCure, a portal recognized as the best portal for CISSP® in becoming. A class with Clement is always a great experience; he brings dozens of years of experience directly from the information security trenches.

WHY SHOULD I TAKE YOUR TRAINING INSTEAD OF THE OFFICIAL ISC2® TRAINING?

Our training package uses the holistic approach. We will provide you with knowledge and skills and we will also ensure you receive the knowledge necessary to pass the exam. We will help you achieve your certification goals. The official training from ISC2® DOES NOT teach directly to its own examination credentials. Our training WILL teach you the examination credential you need for your exam. See the extract below from the ISC2® web site explaining this.

I have started to look in detail at the new CBK® coming into effect on the 15th of April 2015.

The new CBK® lists a bit more than 109 references used within the CBK. This list is always a great indicator of what has changed, what was added, and what was deleted.

The CBK was last updated in January of 2012; prior to this it was updated about 4 years earlier. So the current CBK still has a majority of content dating back as far as 7 years ago and in some cases even further back. Doing an update every 3 to 4 years in the field of Information Security is not adequate considering how fast things are changing.

The changes introduced are mostly within 3 domains: Asset Security, Security Assessment and Testing, and Security Operations. Very minor as far as content is concerned.

What has changed within the references used:

1. Thirteen of the references were updated to the latest version of the book published.

2. Thirteen new references were introduced as listed below:

Domain 1 - SECURITY AND RISK MANAGEMENT

PCI DSS Standard 2013

Domain 2 - ASSET SECURITY

Data Remanence: Secure Deletion of Data in Solid State Drive

Vulnerability Assessment of Physical Protection Systems

IT Asset management

Protection of Assets: Security Management

Domain 3 - SECURITY ENGINEERING

Nothing new

Domain 4 - COMMUNICATION AND NETWORK SECURITY

Nothing new

Domain 5 - IDENTITY AND ACCESS MANAGEMENT

Nothing new

Domain 6 - SECURITY ASSESSMENT AND TESTING

Backtrack 4: Assuring Security by Penetration Testing

Security Log Management: Identifying Patterns in the chaos

Web Security Testing Cookbook

SOA Security

How to break Web Software

Domain 7 - SECURITY OPERATIONS

Digital Evidence and Computer Crime Forensic Science

Cloud Security Alliance Guidance for critical areas of focus

Practical Intrusion Analysis

Domain 8 - SOFTWARE DEVELOPMENT SECURITY

Nothing new

3. Only 2 of the 2013 CBK® references were retired and removed from the list.

THE BIG QUESTION: DO I NEED TO BUY TONS OF NEW REFERENCES AND BOOKS?

NO!

As mentioned above, it is mostly the same content mixed within 8 domains instead of 10 domains like it used to be. The new focus is better coverage of the cloud and its security (or the lack of), a huge focus on Web and Applications assessment and testing, and a bit more content about Forensics and Intrusion Detection.

Fortunately our courseware being holistic we already covered all of these new topics.

As I go through the new CBK in more detail I will come out with other posts providing more details. So far, there is no need to panic; it is the same OLD, same OLD with a few minor things added.

See below some interesting facts about HOW OLD the references being used and listed within the CBK are. As you can see, there are only a few of the references that were published within the past 5 years. See the list below:

ISC2 announce changes to the CISSP CBK as of 15 April 2015

Posted by boss on Friday, 16 January 2015 @ 09:23:03 CET (1393 reads)

Topic: CISSP OSG INFO

NOW IS THE BEST TIME TO GET CERTIFIED -- BEFORE THE CHANGES BELOW WILL BE INTRODUCED LATER IN THE YEAR

Good day to all,

As you may be aware ISC2® has just released a new Common Body of Knowledge (CBK®) for the CISSP® and SSCP® exam. This new CBK® will become effective as of the 15 April 2015 along with the new exam being available at that time.

There is no need to panic right now. It is more a refresh than a brand new CBK®. Even the ISC2® books and resources have not been updated yet. Over the next few days and weeks I will be comparing the old CBK® to the new CBK® and will post a message on what has REALLY changed.

ISC2® in their announcement state very clearly: Content was not removed from the exam and/or training material, but rather refreshed and reorganized to include the most current information and best practices relevant to the global information security industry.

BELOW YOU HAVE THE LIST OF THE NEW CISSP DOMAIN NAMES, Effective April 15, 2015

As far as study books are concerned, keep using the one you have right now. ISC2® is planning to release a new update to their book before the end of March 2015. We will see if the target date is maintained or not.

CCCure is committed to provide up to date information and we will be updating our material to reflect those changes.

CCCure New Year Wishes and Update on what is happening

Posted by boss on Saturday, 03 January 2015 @ 12:07:41 CET (1006 reads)

Topic: CISSP OSG INFO

Good day to all,

First, let me wish you a great year 2015 and success in all of your learning projects or any other projects you may have. Above all, I wish you HEALTH and happiness for you and all of your family members. Your loved ones are always the most important thing to look after and protect.

Year 2014 was full of success for CCCure but I also had my personal share of personal issues and challenges. I am looking forward to a more quiet 2015. I was so involved and working so many hours on providing resources and supporting the CCCure community over the past year that it stressed my relationship of 30 years with my wife Nathalie to the point of failure. Fortunately we stopped in time, looked at where we were and decided some major changes were needed in order to better balance work and life. With personal experience, I can tell you that you must look after your loved ones first and foremost. Work will be there tomorrow but your family may not be if you neglect them and get lost in your daily work. Yes, we must work hard to be their providers but money is not all; what they need the most is your true presence and LOVE.

Nathalie had some serious health issues as well. She had an aggressive cancer on one of her ears; after two surgeries the doctors announced she is now cancer free. That was the best news of 2014 and it made us so happy. When a major event like this takes place, it changes your perspective on life. Live today and live fully. On top of all this, Nathalie finished year 2014 with a very severe case of vertigo, which she is still fighting daily. She is getting better and time will push it completely away.

For 2015 my goals are simple: Spend more time with the family, Get in better physical shape (it is easy to become the big fat IT guy or gal). Our jobs are full of stress and we forgot that we must take good care of our health in order to sustain and deal with such stress.

WHAT DOES THIS MEAN FOR CCCURE

In 2015, we will attempt to run CCCure much more like any other business instead of running it 7 days a week and 16 hours a day. We will work just as hard but in a smarter way. We will keep our support to 5 days a week from 0800 AM until 5 PM, just like any normal business does.

We intend to expand our online offering a lot in 2015, my long term dream would be to travel less and do more online to help a larger portion of the community.

HOW CAN YOU HELP

We rarely ever ask for help from our community. At this time I would like to ask you for such help. If you could forward our contact info to your friends who are studying and getting ready for their certification exam I would greatly appreciate it. There are still many people who have never heard of us. We keep our prices EXTREMELY competitive and do not have money to spend on massive advertising. We rely on word of mouth, which is still the best publicity.

As a New Year and Holiday gift to me and Nathalie, I would ask you to let your friends know about the resources we have below:

OUR NEW LEARNING PORTAL

The learning portal is coming along very well; we have resources for the CISSP, the CEH, and the Security+ exams. You can find it at: https://cccure.training/index.php

What devastating news I hear this morning. My long term friend passed away. She was so young and such an inspiration to others. It is a very sad day for sure.

On the 16 of September we were trading emails and she did not let her sickness transpire and she did not ever complain once or even mention it. She was dynamic in her response and she soldiered on as long as she could. I was aware she was very sick but never thought it was progressing that fast.

Shon was a lot more to me than a business associate. We went through a lot together, sharing success and failure, sharing our geek stories, and more specifically our crazy stories about the world of Information Security Training and its craziness. She was my listening ear that I could trust and she understood very well some of the challenges she and I were going through.

I will miss you dearly my friend. I know that you are on the high speed highway to heaven. You have a place reserved for you beside your Dad.

You have blessed so many by sharing your knowledge and always being available to your friends even in your last few days. You soldiered on to your last breath.

After a long and devastating illness, Shon passed away on October 8, 2014. Shon founded and was CEO of Logical Security, an information consultant, a former engineer in the Air Force Information Warfare unit, instructor and best-selling author of many books on IT Security. Shon was recognized as one of the top 25 women in the Information Security field. Shon's family and friends have always been proud of Shon and have loved her. That clever wit and her humorous stories were always a treat. Shon was very generous to many people and causes throughout her life. We will all miss her in our many, individual ways. Her mother is not alone when she says there is now a hole in her heart. Shon leaves the following family behind, Aunts Diane (John) Marshall and their children and grandchildren, Kristy (David) Gorenz and their children and grandchildren, Brothers and sisters Kevin Conlon (Kim), Brian Conlon, John (Debbie) Conlon, Brendan (Jamie) Conlon, Tanya (Mark) Abrams and Erica Stigleman and her children, Father Lance Foster and Mother Kathy Conlon. Shon is meeting dad, Thomas Conlon, grandparents George and Marge Fairbairn in heaven.

The Holistic CISSP CBT Tutorial for the BCP and DRP domain of the CBK

Posted by boss on Friday, 08 August 2014 @ 22:01:39 CEST (2367 reads)

Topic: CISSP CBT training

Dear members,

The CCCure Learning Portal is our new Learning Portal and it will eventually replace CCCure.org. CCCure.org has lots of legacy, it has some spammers posting within articles, and it is due for retirement. Over the next months we will migrate the relevant content of CCCure.org to CCCure.Training. So far I have developed 38 hours of thorough Computer Based Tutorial on our new portal and I will continue over the next week as well.

I have never read as many NIST standards, books, and documents as I did over the past two weeks. I am on a roll and well on my way to cover all of the domains of the CBK. The most important ones are mostly done. The next one on the list will be Security Architecture and Design.

I am pleased to say that I have just uploaded my BCP and DRP CBT tutorial to the site a few minutes ago. It is a complete CBT that covers 100% of all exam objectives. You have 2 hours and 6 minutes of thorough coverage.

This is one of the TOP 5 Domains for your exam. This is a domain that will make you pass or fail the exam. It counts for about 12% of the whole exam. You must master this domain.

With this domain completed, we now have a total of more than 38 hours of tutorial, covering 5 of the most important domains. All the tutorials are developed by CCCure/Clement, the owner and founder of CCCure. They are all available on the web site to all of our Silver and Gold members.

I am pleased to say that I have just uploaded Part 3 of my Telecommunication and Network Security CBT tutorial to our Learning portal at https://cccure.training/index.php a few minutes ago. I am now working on the 4th and last portion and it should be ready soon.

That's a total of 24 hours of tutorial developed by CCCure/Clement for the CISSP CBK alone.

Acunetix Free Scan will identify network security issues including the feared Heartbleed to allow businesses to fix them in time

London, UK - 17th June 2014 – The recent Heartbleed vulnerability has highlighted the urgent need for more network level security scanning. In view of this, Acunetix has announced that it will be offering 10,000 Free Network Security scans with Acunetix Online Vulnerability Scanner (OVS) in a bid to make it easier for businesses to take control of their network security.

Acunetix Online Vulnerability Scanner is a hosted security scanner that will scan a perimeter server for network level vulnerabilities and provide detailed reports so as to allow the security administrator to fix the vulnerabilities before a hacker finds them.

All the Network Scanning capabilities available in Acunetix OVS will be available for free for fourteen days, allowing users to audit their internet (and hacker) facing servers.

Audit their internet facing servers and identify system and network weaknesses

Ensure that servers are not running any illegitimate services, such as Trojans, or services that are installed unintentionally

Identify any vulnerable versions of applications running on the servers

Discover the information that the systems are leaking using various techniques such as OS fingerprinting, port banner grabbing and service probing

Ensure that all the organisation’s services, including FTP and mail, do not suffer from Heartbleed

Get additional information about other vulnerabilities and network problems detected.

To make use of this offer, companies must sign up at: www.acunetix.com/free-network-security-scan/ using a valid company email address. Once their scan target has been verified they can then make use of the scanning features mentioned above.

“Building on Acunetix’ success as the market leader in web vulnerability detection, we wanted to ensure no stone was left unturned, by adding another layer of security - the detection of network vulnerabilities,” announced Nicholas Sciberras, Product Manager at Acunetix. “The Heartbleed bug has been dubbed by experts as one of the most dangerous security vulnerabilities to ever hit the Internet. With the free Acunetix security scan, however, we have provided companies a way to leverage our security knowledge to help secure their network,” added Mr. Sciberras.

About Acunetix

Acunetix is the market leader in web application security technology, founded to combat the alarming rise in web attacks. Its products and technologies are the result of several years of work by a team of highly experienced security developers. Acunetix’ customers include the U.S. Army, KPMG, Adidas and Fujitsu. More information can be found at www.acunetix.com.

Public classes are available at events such as Black Hat, OWASP Appsec events etc. A private/in-house class can be arranged upon request. Please email [email protected] for more details.

NotSoSecure Pentest

Our Pentest team comprises the industry's leading experts. Whether it's a web application, a mobile application or even an external/internal infrastructure test, we provide a comprehensive review. The recommendation section in the report does not just guide you on how to patch against a security vulnerability but contains a wealth of security best practices and industry guidelines. To obtain a NotSoSecure pentest, please contact ([email protected]) for more details.

What our customers say?

"In the last pentest, we engaged with NotSoSecure team and the results shocked one and all. They uncovered a series of critical vulnerabilities within our applications. Surprisingly, these apps have been pentested by some of the leading pentest companies over the years. Its good to be working with NotSoSecure team and they sure know this art better than most..."

- Andrew, VP, US Financial Sector.

"I am a pentester with over 5 years of experience. After attending Sid's class on Injection Flaws, I have definitely gained an edge over my colleagues. The labs in the class were fantastic and sid's expertise and knowledge of the subject is amazing. I highly recommend NotSoSecure's courses to one and all."

The need to secure your website and perimeter servers is evident - each year thousands of hacks take place that wreak havoc on businesses. Yet not all businesses can afford to operate the required scanning tools to check that their systems are secure. Acunetix Online Vulnerability Scanner acts as a virtual security officer for your company, scanning your websites, including integrated web applications, web servers and any additional perimeter servers for vulnerabilities, and allowing you to fix them before hackers exploit the weak points in your IT infrastructure!

Unlike other online security scanners, Acunetix is able to find a much greater number of vulnerabilities because of its intelligent analysis engine - it can even detect DOM Cross-Site Scripting and Blind SQL Injection vulnerabilities, and with a minimum of false positives. Remember that in the world of web scanning it's not the number of different vulnerabilities that a scanner can find, it's the depth with which it can check for vulnerabilities. Each scanner can find one or more SQL injection vulnerabilities, but few can find ALMOST ALL. Few scanners are able to find all pages and analyze all content, leaving large parts of your website unchecked. Acunetix will crawl the largest number of pages and analyze all content.

Utilizes OpenVAS for cutting edge network security scanning

And Acunetix OVS does not stop at web vulnerabilities. Recognizing the need to scan at network level and wanting to offer best of breed technology only, Acunetix has partnered with OpenVAS - the leading network security scanner. OpenVAS has been in development for more than 10 years and is backed by renowned security developers Greenbone. OpenVAS draws on a vulnerability database of thousands of network level vulnerabilities. Importantly, OpenVAS vulnerability databases are always up to date, boasting an average response rate of less than 24 hours for updating and deploying vulnerability signatures to scanners.

Start your scan today

Getting Acunetix on your side is easy - sign up in minutes, install the site verification code and your scan will commence. Scanning can take several hours, depending on the number of pages and the complexity of the content. After completion, scan reports are emailed to you - and Acunetix Security Consultants are on standby to explain the results and help you action remediation.

CCCure has just launched a new computer based tutorial for Security+; we have an introductory special for Thanksgiving at only $47.77 per month. This is a limited introductory offer and then it will be sold at the regular price of $67.77 a month.

This CBT is NOT for people who are ONLY interested in passing the exam without gaining true knowledge.

This CBT is a holistic coverage of 100% of all of the Security+ 301 objectives from CompTIA. It will give you a very strong foundation on which you can build and advance further into your career. We do not believe in producing people with only letters after their name; we believe in producing security professionals who can Talk The Talk and Walk The Walk.

This is the exact same content that you would get if you attend one of my 5-day bootcamps. The difference is you do it on your own time and you get email support from your instructor Clement Dupuis as you make it through your learning package.

The portal we use to deliver the content has downloads, forums, videos, tips and tricks, and a whole lot more.

Our forums discuss in detail the new performance based questions and what you can expect on the exam. There will be no surprise when you get to the real exam. We will walk you through those scenarios step by step. We will make sure you have the knowledge and skills to decipher those scenario based questions and pass the exam while ensuring you become a knowledgeable and contributing member of any team.

This package has proven itself over the past year with a documented passing rate above 96% in the dozens of classes where it was used. It has been used by hundreds of students who have passed their exam on the first try. This is field tested and our students always had rave reviews about its content.

Get the CISSP STUDY GUIDE from Eric Conrad for only $1

Posted by boss on Saturday, 02 November 2013 @ 08:03:42 CET (3988 reads)

Topic: CISSP OSG INFO

Anonymous writes:

THIS DEAL IS NOW EXPIRED

Sorry if you missed it. It was really one of a kind. I was able to get six great books for $6.

Hopefully it will come back again in the future.

Best regards

Clement

Eric Conrad sent me an email about an AMAZING deal going on from his publisher. When I say Amazing I do mean Amazing.

There is no trick or catch. You can really get the 2nd Edition of the CISSP STUDY GUIDE from Eric Conrad for only $1. The best part is that it is directly from the publisher website and not some illegal copy. This is the latest copy of the book.

Make sure you use the promo code listed below to get the rebate.

Best regards

Clement

Here is the announcement from Eric:

FYI: Elsevier is having a crazy ebook sale, and the 2nd edition of the CISSP Study Guide is available for $1.00.

The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) today released its Preliminary Cybersecurity Framework (PDF) to help critical infrastructure owners and operators reduce cybersecurity risks in industries such as power generation, transportation and telecommunications. In the coming days, NIST will open a 45-day public comment period on the Preliminary Framework and plans to release the official framework in February 2014, as called for in Executive Order 13636—Improving Critical Infrastructure Cybersecurity.

In February 2013, President Obama directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks, recognizing that U.S. national and economic security depends on the reliable functioning of critical infrastructure. Through a request for information and a series of workshops held throughout 2013, NIST engaged with more than 3,000 individuals and organizations on standards, best practices and guidelines that can provide businesses, their suppliers, their customers and government agencies with a shared set of expected protections for critical information and IT infrastructure.

"Thanks to a tremendous amount of industry input, the voluntary framework provides a flexible, dynamic approach to matching business needs with improving cybersecurity," said Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher. "We encourage organizations to begin reviewing and testing the Preliminary Framework to better inform the version we plan to release in February."

The Preliminary Framework outlines a set of steps that can be customized to various sectors and adapted by both large and small organizations while providing a consistent approach to cybersecurity. It offers a common language and mechanism for organizations to determine and describe their current cybersecurity posture, as well as their target state for cybersecurity. The framework will help them to identify and prioritize opportunities for improvement within the context of risk management and to assess progress toward their goals.

The framework will foster communications among internal and external stakeholders and help organizations hold each other accountable for strong cyber protections while allowing flexibility for specific approaches tailored to each business' market and regulatory environment. Its integrated approach focuses on outcomes, rather than any particular technology, to encourage innovation.

"We want to turn today's best practices into common practices, and better equip organizations to understand that good cybersecurity risk management is good business," explained Gallagher. "The framework will be a living document that allows for continuous improvement as technologies and threats evolve. Industry now has the opportunity to create a more secure world by taking ownership of the framework and including cyber risks in overall risk management strategies."

While this framework is developed explicitly to respond to the February 2013 Executive Order and the importance of reducing risks to the critical infrastructure, it can be applied by other organizations to improve their readiness to deal with increasing cybersecurity risks in all industries.

As a non-regulatory agency of the U.S. Department of Commerce, NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. To learn more about NIST, visit www.nist.gov.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.